![]() In contrast, my demonstration downloads only data - a single XML configuration file and a single graphic image. A “real” auto-updater downloads and installs executable program code onto a user’s computer. What I propose is not an auto-updater as that term is generally used. Via these banners, Sony can assure that as many affected consumers as possible have timely, authoritative information about what has been done to their computers and about how Sony offers to make them whole. Sony should implement the method described above. But Sony’s existing banner messaging system gives Sony an easy, cost-effective way to reach them. Unlike Amazon (which already emailed users who bought an affected CD), Sony does not know the names or addresses of affected customers. But for the recall to make a meaningful difference - in actually helping ordinary users, not just in improving Sony’s PR standing - Sony needs to spread the word widely. Sony’s recall of affected CDs is a sensible start in undoing the harm and ill will XCP has caused. ![]() If the tag is repeated, the XCP player automatically rotates between the specified images. Notice the “rotatingbanner” and “time” constructs in the XML banner file above. Fortunately, the banner system explicitly anticipates placing multiple pieces of information in a single banner space. Clicking the banner opened a browser window to the URL specified in the HREF parameter.Ī notification banner shown in my Sony XCP Player, demonstrating the feasibility of using the banner system to notify users of the software installed on their computers.įor a very few artists, Sony already uses the notification system to provide updates to the XCP player’s information screens. In my test environment, Sony’s XCP player automatically retrieved my XML file, then retrieved the banner and showed it within the large banner box at the bottom of the player. Notice my inclusion of a banner image (blue) and a hyperlink (red). Finally, I posted an XML banner configuration file. I then wrote a replacement /toc/Connect?… script that sent back a reference to an XML file I wrote, rather than the ordinary reference to Sony’s nobanner.xml file. In place of this “nobanner” response, what if Sony’s connected server instead replied by sending a reference to a XML file that included relevant, timely disclosures? Using the HOSTS file on a test PC, I caused my test PC to think the server was at an IP address I controlled (rather than on a real Sony server). This document you requested has moved temporarily. Sony’s web server typically replies with a reference to a “nobanner.xml” file (green). GET /toc/Connect?type=redirect&uId= 1171 HTTP/1.1Īccept: application/*, audio/*, image/*, message/*, model/*, multipart/*, text/*, video/* A “uId” parameter (yellow) marks the CD being played and the specific section of the player in use. A typical outbound message is shown below. The Sony messaging system works as follows: Whenever a user plays an affected XCP CD, and whenever a user browses within certain sections of the player, the player sends a message to Sony’s server. Sony’s Messaging System A Demonstration Message But with small adjustments on Sony’s end - just changing the output of a single script on a Sony web server - the XCP player can automatically inform users of the software improperly installed on their hard drives, and of their resulting rights and choices. As Russinovich explained, usually Sony’s server sends back a null response. Every time a user plays a XCP-affected CD, the XCP player checks in with Sony’s server. But what about ordinary users, who don’t read the technology press and aren’t likely to learn their rights?Īs it turns out, there’s a clear solution: A self-updating messaging system already built into Sony’s XCP player. For savvy consumers who have followed this story, the exchange looks straightforward. Having bungled this situation, Sony has recalled affected CDs and announced an exchange program to swap customers’ affected CDs for XCP-free replacements. At least as bad, Sony initially provided no uninstall for the rootkit, and when Sony added an uninstaller, the process was needlessly complicated, prone to crashing, and a security risk. Notably, Sony didn’t disclose its practices in its installer or even in its license agreement. ![]() by preventing users from making copies of Sony music, and this protection for Sony comes at the cost of 1%-2% of CPU time (whether or not users are playing a Sony CD). The DRM software isn’t something a typical user would want the “rights” it manages are Sony’s rights, i.e. Late last month, Windows expert Mark Russinovich revealed Sony installing a rootkit to hide its “XCP” DRM (digital rights management) software as installed on users’ PCs.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |